The Application log is used for storing IP log information on the sensor. There are two places where you can view statistics for your Application log. In IME/IDM, it is on the dashboard for the device, under the CPU, memory and disk usage load measurements. You can also see it in the output of the "show version" CLI command.
The "application-log" is actually the /usr/cids/idsRoot/var/iplog disk partition. You can see it by running the "df -h" command from the service account on the IDS.
For example, the 4255 sensor is configured to pre-create 512 storage files that are each 1 Mbyte in size. When IP Logs are created, they are stored in these pre-created storage files.
The files are created once on startup and new files are never created. The sensor uses these pre-created files as a sort of circular buffer for the storage of the IP Log files.
Since there will never be any more files, the sensor can safely size the /usr/cids/idsRoot/var/iplog disk partition at just slightly larger than the 512 Mbytes that these files use up.
So the usage percentage that you see for the application log, even if high, is perfectly normal and will never increase or decrease. It should always remain the same while the sensor is running.
NOTE: Sometimes the number of storage files changes, or the size of the disk partition may change during a Major Update, Minor Update, or Service Pack. So you might see a difference in percentage between one version and another. But you should not see it change as long as the same version is running.
You will also see a difference between different types of sensors. A 4240, for example, may only create 128 storage files instead of 512 storage files. So the 4240 may only use up 128 Mbytes. If the partition is still set to slightly more than 512 Mbytes, then the percentage on the 4240 will be quite a bit less than that seen on a 4255, but this is not a problem. And the 4240 percentage usage will remain unchanged so long as the same version is running. It is simply the difference in how the 2 platforms use memory.
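A monitoring check that follows from the behavior described above, as an added example that is not Cisco's code: it reads "df -h" output and reports on a change in the iplog partition's usage rather than on how full it is. The sample output, device names and version labels are constructed, and the function names are hypothetical.

```python
IPLOG_MOUNT = "/usr/cids/idsRoot/var/iplog"  # partition named on this page

# Constructed `df -h` output: device names and sizes are invented for the example.
SAMPLE_DF = """\
Filesystem            Size  Used Avail Use% Mounted on
/dev/hda1             1.8G  1.1G  640M  64% /
/dev/example-long-device-name
                      542M  513M   29M  95% /usr/cids/idsRoot/var/iplog
"""


def parse_df(text):
    """Return {mount point: Use% as int}, rejoining rows that df wrapped."""
    usage, pending = {}, []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = pending + line.split()
        if len(fields) < 6:                     # long device name wrapped the row
            pending = fields
            continue
        pending = []
        usage[fields[5]] = int(fields[4].rstrip("%"))
    return usage


def check_iplog(df_text, baseline_pct, baseline_version, running_version):
    """Judge the application-log partition by change, not by how full it is."""
    pct = parse_df(df_text).get(IPLOG_MOUNT)
    if pct is None:
        return "missing", "iplog partition not found in df output"
    if running_version != baseline_version:
        # File count or partition size may differ after an update: re-baseline.
        return "rebaseline", f"version changed, record {pct}% as the new baseline"
    if pct != baseline_pct:
        return "changed", f"{pct}% differs from baseline {baseline_pct}%"
    return "ok", f"{pct}% matches baseline, expected for pre-created files"


if __name__ == "__main__":
    # "version-A" is a placeholder label, not a real software version.
    print(check_iplog(SAMPLE_DF, 95, "version-A", "version-A"))
```
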